Computers and computing systems have affected nearly every aspect of modern living. Computers are generally involved in work, recreation, healthcare, transportation, entertainment, household management, etc.
Computing system functionality can be enhanced by networking with other computing systems via network connections. These network connections, for instance, allow a computing system to access services, like multimedia content and other services, remotely from one or more networked service providers.
Typically, a user must authenticate their computing devices (e.g., a console like Microsoft's Xbox®, a mobile phone or other user device) to an identity provider in order to be granted access, through their devices, to the remote services that are being requested by the user.
In some instances, the service provider (which provides the requested services) and the identity provider (which authenticates the user devices) are a single entity. In other instances, they are different networked entities.
Some authentication processes require a user to register their device to their user account before their device will be authenticated to receive requested services. In such instances, the user must first provide personal user credentials to the identity provider through the device that is intended to be registered/authenticated. The identity provider then sends back a code to this device, which is displayed to the user. The user must then initiate communications with the identity provider from a second device and enter this code into the second device. The code is then transmitted back to the identity provider, validating the user's receipt of the code through the first device. One implementation of the foregoing authentication process includes the OAuth protocol.
Authentication of a device can be limited to a single service or a suite of services. Device authentication can also be limited to a specific session, duration of time and/or for specific users. Registration records corresponding to the terms and policies of the authentication are stored at the identity provider so that the identity provider can automatically re-authorize and/or validate the device for any new service requests that are received, as appropriate.
Sometimes, the authenticated device will also store authentication credentials, which are received from the identity provider during the authentication process, and which can be included with subsequent service requests to validate the authenticated status of the device.
In some instances, the authentication state of a device can be downgraded, terminated or otherwise changed to an unauthenticated state when security policies change, when user credentials change, when device profiles change, when a session ends, and/or in response to other expiration and security conditions.
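The registration and downgrade behavior described above can be sketched as a small in-memory model. This is an added illustration, not code from the original document: the class, method and field names are hypothetical, passwords are held in plain text only to keep the sketch short, and the second device is assumed to have already identified the user.

```python
import hmac
import secrets

class IdentityProvider:
    """Toy in-memory identity provider (hypothetical names, constructed data)."""
    def __init__(self, users):
        self.users = {u: [p, 1] for u, p in users.items()}  # user -> [password, version]
        self.pending = {}   # code -> (user, device_id, code_expiry)
        self.records = {}   # device_id -> registration record

    def start_registration(self, user, password, device_id, now, code_ttl=300):
        """Step 1: credentials arrive via the device being registered; a code goes back."""
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
            return None
        code = secrets.token_hex(4).upper()       # shown to the user on the first device
        self.pending[code] = (user, device_id, now + code_ttl)
        return code

    def confirm_code(self, user, code, services, session_ttl, now):
        """Step 2: the user enters the code from a second device."""
        entry = self.pending.pop(code, None)      # codes are single-use
        if entry is None or entry[0] != user or now > entry[2]:
            return False
        self.records[entry[1]] = {
            "user": user,
            "services": frozenset(services),      # limited to specific services
            "expires_at": now + session_ttl,      # limited to a duration
            "cred_version": self.users[user][1],  # tied to the current credentials
        }
        return True

    def is_authorized(self, device_id, service, now):
        """Re-validate a stored registration for a new service request."""
        rec = self.records.get(device_id)
        return (rec is not None and service in rec["services"] and now <= rec["expires_at"]
                and rec["cred_version"] == self.users[rec["user"]][1])

    def change_password(self, user, new_password):
        """Credential change: registrations made under the old credentials stop validating."""
        self.users[user] = [new_password, self.users[user][1] + 1]

def demo():
    # Constructed walk-through: register, use, then downgrade on credential change.
    idp = IdentityProvider({"alice": "correct horse"})
    code = idp.start_registration("alice", "correct horse", "console-1", now=0)
    idp.confirm_code("alice", code, {"video"}, session_ttl=3600, now=10)
    before = idp.is_authorized("console-1", "video", now=20)
    idp.change_password("alice", "new passphrase")
    return before, idp.is_authorized("console-1", "video", now=30)
```

Time is passed in as `now` so that expiry of the code and of the registration can be checked deterministically.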
When the authentication state of a device is downgraded or eliminated, the user must re-authenticate their device through the OAuth protocol processes or other authentication processes previously described (e.g., enter user credentials at the first device, obtain a code provided to the first device, initiate communications with the provider from a second device, enter the code at the second device, etc.).
This re-authentication process can be cumbersome and an inefficient use of computer resources and user time. Accordingly, there is an ongoing need for improved methods for re-authenticating user devices.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.